Tag: attack
-
Hacker group threatens to release Grand Theft Auto VI data in Rockstar Games attack
The group named ShinyHunters have accessed a third party server and have given the company a deadline of 14 April to enter ransom negotiations Rockstar Games, the studio behind Grand Theft Auto, has been the target of a cyberattack for the second time in three years. A hacker group called ShinyHunters said it would release…
-
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-rolls-out-emergency-fix-for-acrobat-reader-zero-day-flaw/
-
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
Tags: access, advisory, ai, api, attack, authentication, breach, cloud, credentials, cve, data-breach, exploit, firewall, flaw, Internet, open-source, rce, remote-code-execution, software, theft, tool, update, vulnerabilityCredentials stolen in under three minutes: To track real-world exploitation, deployed honeypot servers running vulnerable Marimo instances across multiple cloud providers and observed the first exploitation attempt within 9 hours and 41 minutes of disclosure. No ready-made exploit tool existed at the time. The attacker had built one using only the advisory description, Sysdig researchers…
-
Seven IBM WebSphere Liberty flaws can be chained into full takeover
Tags: access, attack, authentication, credentials, cve, data, data-breach, encryption, flaw, ibm, passwordAdminCenter flaws allow further escalation: Beyond initial access, the research outlined critical issues within WebSphere Liberty’s administrative controls. The AdminCenter component, designed to enforce role-based access, contains multiple flaws that allow low-privileged users to access sensitive files and secrets.One issue, tracked under CVE-2025-14915, enables “reader”-level users to retrieve critical server files such as authentication keys,…
-
Hackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows Attacks
Cyber attackers are increasingly using Living Off the Land Binaries (LOLBins) to bypass security detection. By leveraging legitimate system tools, these attacks avoid signature-based defenses and operate without dropping traditional malware files. One such LOLBin now gaining attention is MSBuild.exe, a native Windows development tool signed by Microsoft. Originally designed to build and run C# code from XML-based…
-
Iran-Linked CyberAv3ngers Target Water Utilities, Industrial Controllers
Iran-linked threat group CyberAv3ngers is intensifying attacks on U.S. water utilities and industrial control systems, shifting from noisy hacktivism to sustained disruption of operational technology (OT) environments. CyberAv3ngers operates as a state-directed persona for Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), not as an independent hacktivist crew. U.S. Treasury sanctions in February 2024 named six IRGC-CEC…
-
CPUID watering hole attack spreads STX RAT malware
Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got infected with the STX RAT, giving attackers remote access to their systems. The short attack…
-
What Is Identity Risk Intelligence? (And Why It’s Replacing Monitoring)
Tags: attack, credentials, cybersecurity, data-breach, identity, intelligence, monitoring, risk, toolA new category is emerging in cybersecurity For years, organizations have relied on monitoring tools to detect compromised credentials and exposed data. But as identity has become the primary attack surface, those tools are no longer enough. A new category is emerging in response: Identity Risk Intelligence This isn’t just a new label. It represents……
-
MITRE releases a shared fraud-cyber framework built from real attack data
Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/13/mitre-fight-fraud-framework-f3/
-
Security Affairs newsletter Round 572 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with…
-
DDoS Attack Types Explained: Volumetric, Protocol, and Application Layer Attacks
Key Takeaways There are three main DDoS attack categories: Volumetric (Layer 3), Protocol (Layer 4), and application layer (Layer 7) each with different attack characteristics Each category requires a different mitigation approach, though the mitigation of layer 3/4 attacks is the same in majority of cases Application layer (L7) attacks are the hardest to… First…
-
Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.
Tags: apt, attack, automation, cisa, cyberattack, data-breach, exploit, infrastructure, Internet, iran, technology, threatCensys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warned of Iran-linked APTs exploiting internet-exposed Rockwell Automation PLCs. Threat actors are carrying out cyberattacks targeting internet-connected operational technology (OT) across multiple critical infrastructure sectors.…
-
GlassWorm evolves with Zig dropper to infect multiple developer tools
The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicious npm packages to large-scale supply chain attacks across GitHub, npm, and VS Code, even deploying RATs via fake browser extensions. In its latest iteration, threat…
-
GlassWorm evolves with Zig dropper to infect multiple developer tools
The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicious npm packages to large-scale supply chain attacks across GitHub, npm, and VS Code, even deploying RATs via fake browser extensions. In its latest iteration, threat…
-
RaaS Gang Anubis Claims Signature Healthcare Data Theft
Attackers Allege They Stole 2TBs of Patient Data, But Didn’t Encrypt IT System. Ransomware group Anubis claimed it stole 2 terabytes of patient data in an attack this week on Signature Healthcare. The Massachusetts health system is still diverting ambulance patients from its hospital and using paper charts while it continues to recover. First seen…
-
Anthropic Claude Mythos Will Break Vulnerability Management
Tags: access, ai, attack, control, cyber, cybersecurity, data, exploit, metric, risk, software, tool, update, vulnerability, vulnerability-managementAnthropic’s latest AI Model, Claude Mythos, will break the cybersecurity vulnerability management operational models. Mythos is so good at discovering and building viable exploits it is currently being rolled-out in a controlled manner under “Project Glasswing”. Those cybersecurity companies who have early access are attesting to the blazing speed and accuracy of the model…
-
Anthropic Claude Mythos Will Break Vulnerability Management
Tags: access, ai, attack, control, cyber, cybersecurity, data, exploit, metric, risk, software, tool, update, vulnerability, vulnerability-managementAnthropic’s latest AI Model, Claude Mythos, will break the cybersecurity vulnerability management operational models. Mythos is so good at discovering and building viable exploits it is currently being rolled-out in a controlled manner under “Project Glasswing”. Those cybersecurity companies who have early access are attesting to the blazing speed and accuracy of the model…
-
Bypassing LLM Supervisor Agents Through Indirect Prompt Injection
Indirect prompt injection lets attackers bypass LLM supervisor agents by hiding malicious instructions in profile fields and contextual data. Learn how this attack works and how to defend against it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/bypassing-llm-supervisor-agents-through-indirect-prompt-injection/
-
The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks
Flashpoint analysts, working with partner financial institutions, have observed a growing number of PhaaS operations operating with a level of coordination and specialization more commonly associated with legitimate software platforms. These ecosystems bring together phishing kit developers, infrastructure providers, spam delivery services, and financially motivated actors into a single, scalable pipeline for fraud. First seen…
-
Stryker warns of earnings fallout from March cyberattack
The medtech company was targeted in a wiper attack linked to an Iran-sponsored threat group. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/stryker-Iran-cyberattack-material-impact-earnings/817211/
-
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/nearly-4-000-us-industrial-devices-exposed-to-iranian-cyberattacks/
-
Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium
Dutch healthcare IT firm ChipSoft suffered a ransomware attack, forcing services and its HiX platform offline, impacting hospitals and patients. ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware attack that forced it to take its website and digital services offline, disrupting access for hospitals, healthcare providers, and patients. EHR (Electronic…
-
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-daySee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…
-
Crushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AI
Tags: ai, attack, business, credentials, crypto, cve, data, data-breach, malicious, moveIT, network, okta, radius, risk, software, supply-chain, threat, update, vulnerability, zero-daySee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways: Tenable Hexa AI, the agentic engine of the Tenable…
-
Florida investigates OpenAI for role ChatGPT may have played in deadly shooting
Last week, the family of one of two victims in the attack announced it plans to sue OpenAI because the gunman allegedly constantly communicated with ChatGPT in the days leading to the shootings. First seen on therecord.media Jump to article: therecord.media/florida-investigates-openai-chatgpt-deadly-shooting
-
UK says it exposed Russian submarine activity near undersea cables
A Russian attack submarine and vessels from the country’s Main Directorate of Deep Sea Research (GUGI) were involved in what the UK Ministry of Defence called “nefarious activity over critical undersea infrastructure elsewhere.” First seen on therecord.media Jump to article: therecord.media/uk-says-it-exposed-russian-submarine-activity
-
ClickFix campaign delivers Mac malware via fake Apple page
Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to >>reclaim disk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/10/clickfix-mac-malware-script-editor/